Fundamentals of Quality of Service (QoS) (Notes):

Thanks to the all-time best Cisco instructor Kevin Willis for sharing his video on YouTube! I watched his video to revisit QoS fundamentals and re-consolidate previous knowledge. KW, you’re a Legend!

 

 “Quality of Service is a managed unfairness.”

Agenda

  1. Learn QoS Mechanisms
  • QoS is like a toolbox with a number of different tools, not just one thing
  2. Understand QoS Markings
  • how we mark different kinds of traffic
  3. Demystify Weighted RED
  • Weighted Random Early Detection
  4. Select Appropriate Queuing
  • e.g.) the LAN is running at 1GB but the WAN link is only 10mb; how does the router handle the 100:1 speed ratio?
  • high-priority traffic such as real-time streaming video or voice vs. download/gaming traffic
  5. Explain the ‘Token bucket’
  6. Configure QoS using MQC

 


  1. Learn QoS Mechanisms

If you have many different applications fighting for the same bandwidth, you have to decide how to treat them based on the characteristics of each traffic type. Know what the applications are and what the business needs are.

 

With 10Gb links everywhere, QoS may seem like no big deal.

Even within a LAN, on a high-speed network the aggregation point becomes a bottleneck.

 qos1.png

 

IntServ = RSVP (Resource Reservation Protocol). Sometimes called “hard QoS”. Bandwidth is pinned up (reserved) so that certain traffic can use it on demand. These days we rarely see IntServ in use, due to the inflexible nature of this QoS mechanism.

DiffServ = Differentiated Services. The router differentiates between traffic types and puts each traffic type into a different class. Create no more than 11 different traffic classes (if everyone is special, nobody is special) <<<Cisco recommendation.

Best effort = FIFO, first in, first served. No QoS enabled.

 

Common QoS Mechanisms – QoS is not a single tool that you just activate; it is a collection of tools.

  1. Classification and Marking

e.g.) Boarding pass for an airline – priority marking on boarding pass

Cisco tells us to classify traffic into no more than 11 network traffic types. Classify and mark the traffic as early as possible on your network by changing bits in the header. Routers and switches can then look at the header information and quickly decide whether to forward or drop packets, so the decision becomes really fast. Use access lists or NBAR to classify. Once the traffic is classified, put the marking on it. However, classification and marking alone do not do anything.

 

  2. Queuing

E.g.) 1GB or 10GB switched network traffic coming into a router with a 10MB link out. With FIFO, we only have a limited amount of memory to queue all the traffic; once the queue bucket fills up, the excess traffic starts dropping as it overflows from the single bucket. To make this more efficient, based on each traffic type’s characteristics, the bucket can be sub-divided into a few smaller buckets, so that different traffic fills up and uses different buckets with varying priorities.

Mark the traffic and it can be put into different buckets, e.g.) VoIP goes into a different bucket from best-effort traffic. Typically VoIP traffic gets DSCP 46 (Differentiated Services Code Point). If VoIP is marked with a DSCP of 46, put this traffic into one bucket; everybody else can go into the other bucket. This is called queue separation. Even when the best-effort bucket gets full and starts dropping packets, the VoIP bucket only fills up occasionally, will not get full, and is not impacted by the best-effort bucket’s performance.

qos2

Cisco has many tools to help us manage queues and dictate how these queues are emptied. Queuing mechanisms supported on Cisco IOS: Weighted Fair Queuing, Class-Based Weighted Fair Queuing, Low Latency Queuing, Priority Queuing and Custom Queuing. In real-world scenarios, Class-Based Weighted Fair Queuing and Low Latency Queuing are the most often used.

The beauty of queuing is that it can protect certain traffic simply by separating different traffic types into different buckets.

 

  3. Congestion Avoidance

RED – Random Early Detection: drop random traffic for the good of the many.

 

  4. Policing and Shaping

Traffic conditioners

Policing – sets a speed limit; if some traffic tries to transmit more than allowed, policing drops the exceeding packets, and they must be retransmitted if they are TCP packets. If they are UDP packets, there is no retransmission.

Shaping – also sets a speed limit, but softer: when there is not enough bandwidth, buffer (delay) the packets and then send them off.

 

  5. Link Efficiency

Not as important as it used to be, as we have higher-speed WAN links these days.

  • Link Fragmentation and Interleaving (LFI) = Sometimes on a slow-speed link (a 56kbps link), a 1500-byte data packet is queued up and a tiny voice packet is queued behind it. It takes 214ms to send 1500 bytes through a 56kbps link.

 

Voice packet delay requirement:

<150ms transmission delay is OK.

>150ms = starts to get bad

>200ms = gets really bad

 

E.g.) Analogy/metaphor – you are caught at a traffic light and a three-trailer truck (the data packet) is in front of your sports car (the voice packet). Fragment the three trailers and send them separately, so the sports car can weave through them and get past. One issue: because of fragmentation, you now have a header on each of the three trailers, so the total header size increases. The cut-off is a 768kbps WAN link: if you are sending voice over IP on a link slower than 768kbps, LFI will help; at 768kbps or more, do not use LFI, as it will hurt the network more than it helps.

 

  • Compression – sending the same amount of data using less bandwidth

The main use on today’s networks is RTP header compression.

RTP (Real Time Protocol) is an L4 protocol. Depending on the codec, the payload could be 20 bytes, while the L3 IP header + L4 UDP header + L4 RTP header add up to 40 bytes of header alone: the header is twice the size of the payload, a payload-to-header ratio of 1:2. Turn on RTP header compression on the router interface. The router looks at the voice packets arriving on its interface and sees the commonalities between every packet of the same conversation: every packet has the same destination IP address and the same source and destination port numbers, so why send the same information multiple times? The routers at each end keep a copy of this information and send a much smaller header (either 2 bytes or 4 bytes; the 4-byte form carries a checksum, and Cisco devices generally use 2 bytes). The 2-byte header contains the session context identifier (CID), which distinguishes one voice conversation from another. The far-end router uses the CID to identify the voice stream, puts the cached header back onto the incoming packets and sends them out to the LAN.

 

  2. Understand QoS Markings

qos3

L2 marking = Class of Service (CoS)

ISL = not used

IEEE 802.1Q = 4 bits added (3 bits = 8 values, 0-7)

CoS 6 and 7 = reserved for network use

CoS 5 = voice traffic

DSCP Values:

CS (Class Selector)

Issue: this is only a Layer 2 marking; if the frame goes out through a router, it gets overwritten. So the marking has to be rewritten in the L4 header using the Type of Service (ToS) byte.

qos4.png

We can use the three leftmost bits as IP Precedence (matching CoS; this only gives 6 classes of traffic because values 6 and 7 cannot be used, as with CoS). IP Precedence is not scalable. We now use DSCP, which uses 6 bits of the ToS byte, giving DSCP values 0-63. The 64 values gave too many options, so the IETF defined commonly used DSCP values to set up certain standards.

 qos5

The IETF preselected 21 named Per Hop Behaviours (PHB); we can use either the number or the name that corresponds to the IETF name.

qos6

 

DSCP/PHB values for enterprise traffic.

 

  3. Demystify Weighted RED

Random Early Detection (RED)

When the average queue depth reaches a certain level (the minimum threshold), the router starts introducing the possibility of dropping packets. As the depth rises towards the maximum threshold, the chance of a packet being dropped gets bigger.

MPD = Mark Probability Denominator

Cisco IOS already has default MPD values, but they can be changed. The following are the WRED profiles suggested by Cisco.
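The drop decision described above, worked through as an added Python model (not code from the notes or from Cisco IOS). It shows the three knobs the notes name: minimum and maximum thresholds, the Mark Probability Denominator, and the exponential weighting constant that IOS uses to smooth the measured queue depth, plus the "weighted" part, where each marking gets its own profile. The per-PHB threshold values are constructed samples that follow the AF drop-precedence pattern (AFx3 starts dropping before AFx1); they are not a Cisco-recommended profile.

```python
"""Added example (not from the notes or from Cisco IOS): the WRED drop decision.

Models the knobs the notes name: minimum/maximum thresholds, the Mark
Probability Denominator (MPD) and the exponential weighting constant that
smooths the measured queue depth. PROFILES holds constructed sample values
that follow the AF drop-precedence pattern; they are not Cisco defaults.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    min_threshold: int  # average depth (packets) below which nothing is dropped
    max_threshold: int  # average depth at which every packet is dropped
    mpd: int            # at max_threshold, 1 packet in `mpd` is dropped


# Constructed sample profiles keyed by PHB name ("default" = unmarked traffic).
PROFILES = {
    "AF11": WredProfile(33, 40, 10),
    "AF12": WredProfile(28, 40, 10),
    "AF13": WredProfile(24, 40, 10),
    "default": WredProfile(20, 40, 10),
}


def average_queue_depth(previous_avg: float, current_depth: int, weight_exp: int = 9) -> float:
    """Exponentially weighted moving average of queue depth.

    IOS computes avg = old_avg * (1 - 2^-n) + current * 2^-n, where n is the
    exponential-weighting-constant (default 9). A larger n reacts more slowly,
    so a short burst does not immediately raise the drop probability.
    """
    w = 2.0 ** -weight_exp
    return previous_avg * (1 - w) + current_depth * w


def drop_probability(avg_depth: float, profile: WredProfile) -> float:
    """Probability that an arriving packet is dropped at this average depth.

    Below min_threshold: 0. Between the thresholds: rises linearly from 0 to
    1/mpd. At or above max_threshold: 1 (tail drop).
    """
    if avg_depth < profile.min_threshold:
        return 0.0
    if avg_depth >= profile.max_threshold:
        return 1.0
    span = profile.max_threshold - profile.min_threshold
    return (avg_depth - profile.min_threshold) / span / profile.mpd


def weighted_drop_probability(phb: str, avg_depth: float, profiles=PROFILES) -> float:
    """The 'weighted' part of WRED: pick the profile for the packet's marking."""
    return drop_probability(avg_depth, profiles.get(phb, profiles["default"]))


if __name__ == "__main__":
    avg = 0.0
    for depth in [10, 20, 30, 35, 38, 40]:  # constructed sequence of instantaneous depths
        avg = average_queue_depth(avg, depth, weight_exp=1)
        print(f"avg={avg:5.1f}  AF11={weighted_drop_probability('AF11', avg):.3f}"
              f"  AF13={weighted_drop_probability('AF13', avg):.3f}")
```

Because the probability is computed on the smoothed average rather than the instantaneous depth, a single burst that momentarily fills the queue does not trigger drops; a sustained build-up does, and AF13 traffic is sacrificed before AF11 at the same depth.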

  

Explicit Congestion Notification (ECN)

https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-qfx-series-explicit-congestion-notification-understanding.html

ECN uses the 7th bit of the ToS byte for ECT and the 8th bit for CE.

The receiving router can set the ECT and CE bits to binary 1s and ask the other router to slow down. Otherwise, the packets get dropped and TCP slow-start kicks in (the TCP windowing concept, where the window size keeps doubling until it reaches a threshold value, then drops down and TCP slow-start kicks in).
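The ToS byte layout from the markings section above and the ECN bits just described, as an added Python example (not from the notes or from Cisco IOS). It builds the 21 IETF PHB names from their bit structure, encodes and decodes a ToS byte into DSCP, IP Precedence and ECN, and shows what an ECN-capable router does at the congestion point: mark instead of drop, but only when the sender set the ECT bit. The ECN codepoint names follow the IETF definition (ECT(0) = 10, ECT(1) = 01, CE = 11).

```python
"""Added example (not from the notes): the IP ToS/DS byte as a small toolkit.

Bit layout: the six high bits are the DSCP, whose top three bits double as the
legacy IP Precedence; the two low bits are the ECN field, which the notes call
the ECT bit (value 0b10) and the CE bit (value 0b01).
"""


def phb_table() -> dict:
    """Name -> DSCP for CS0-CS7, AF11-AF43 and EF (the 21 IETF PHBs)."""
    table = {"EF": 46}
    for cs in range(8):
        table[f"CS{cs}"] = cs << 3                          # class selector: xxx000
    for cls in range(1, 5):
        for drop in range(1, 4):
            table[f"AF{cls}{drop}"] = (cls << 3) | (drop << 1)  # AFxy: class xxx, drop yy0
    return table


PHB = phb_table()
DSCP_TO_NAME = {v: k for k, v in PHB.items()}
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def build_tos(dscp: int, ecn: int = 0) -> int:
    """Pack a DSCP (0-63) and ECN codepoint (0-3) into one ToS byte."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("dscp must be 0-63 and ecn 0-3")
    return (dscp << 2) | ecn


def decode_tos(tos: int) -> dict:
    """Split a ToS byte into the fields a classifier looks at."""
    dscp = tos >> 2
    return {
        "dscp": dscp,
        "phb": DSCP_TO_NAME.get(dscp),       # None for a value with no IETF name
        "precedence": dscp >> 3,             # the legacy 3-bit IP Precedence
        "ecn": tos & 0b11,
        "ecn_name": ECN_NAMES[tos & 0b11],
    }


def mark_congestion(tos: int) -> int:
    """What an ECN-enabled router does instead of dropping.

    If the sender marked the packet ECT (either codepoint), set both ECN bits
    (CE) so the receiver tells the sender to slow down. A Not-ECT packet cannot
    be marked and would have to be dropped, so it is returned unchanged.
    """
    if tos & 0b11 in (1, 2):
        return tos | 0b11
    return tos


if __name__ == "__main__":
    for name in ("EF", "AF13", "CS3"):
        tos = build_tos(PHB[name], ecn=2)
        print(f"{name:4} tos=0x{tos:02x} -> {decode_tos(tos)} -> after CE mark: {decode_tos(mark_congestion(tos))['ecn_name']}")
```

The `mark_congestion` branch is the caveat that matters operationally: `random-detect ecn` only helps flows whose endpoints negotiated ECN; everything else still sees a drop, and UDP voice (RTP) gains nothing from either, which is why the notes leave WRED and ECN out of the voice class.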

 

 

  4. Select Appropriate Queuing

CB-WFQ vs LLQ

Cisco recommends using no more than 11 traffic classes, but one class is already created by default, “class-default”, the catch-all traffic class, so we can use 12 classes of traffic in total.

  • class-default uses FIFO.
  • CB-WFQ – during congestion, when QoS kicks in, give a minimum of x Mbps of bandwidth, but give more if more bandwidth is available.
  • LLQ (priority queue) – during congestion, give up to 3Mbps of bandwidth, but no more than 3Mbps.

E.g.) Car pool lane or bus lane – if you have more passengers, you have the right to use the special lane, but you still need to keep to the speed limit.

 

  5. Explain the ‘Token bucket’

Using a Frame Relay network with a line speed of 128kbps.

How do you send data at half the line speed, i.e. if the full line speed is 128kbps, send at 64kbps? Use the analogy of a car travelling at 100km/h that covers 50km in 0.5 hours and then stops.

Send & stop, send & stop: this is how policing and shaping do their magic.
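The token bucket behind that "send & stop" rhythm, as an added Python model (not code from the notes or from Cisco IOS). It uses the parameters of the policer configured later in the notes, `police cir 128000 bc 4000` (CIR in bits per second, Bc in bytes), and lets the same bucket act either as the policer from the Policing and Shaping section (what exceeds is dropped) or as the shaper (what exceeds waits). Time is kept in integer milliseconds so the arithmetic is exact.

```python
"""Added example (not from the notes or Cisco IOS): a token bucket used two ways.

CIR is in bits per second and Bc (the bucket size) in bytes, matching the
`police cir 128000 bc 4000` line shown later in the notes. The bucket refills
at CIR and can never hold more than Bc, which is what produces the
send-and-stop pattern the notes describe.
"""


class TokenBucket:
    def __init__(self, cir_bps: int, bc_bytes: int):
        self.cir_bps = cir_bps
        self.bc_bytes = bc_bytes
        self.tokens = bc_bytes      # the bucket starts full
        self.clock_ms = 0           # time of the last refill

    def _refill(self, now_ms: int) -> None:
        """Add CIR * elapsed bytes, but never beyond Bc."""
        if now_ms > self.clock_ms:
            earned = self.cir_bps * (now_ms - self.clock_ms) // 8000
            self.tokens = min(self.bc_bytes, self.tokens + earned)
            self.clock_ms = now_ms

    def police(self, now_ms: int, size_bytes: int) -> str:
        """Policer: conform if enough tokens are available, otherwise exceed.

        The exceed action is the caller's choice (drop, or remark and forward);
        nothing is buffered and the packet's timing is untouched.
        """
        self._refill(now_ms)
        if self.tokens >= size_bytes:
            self.tokens -= size_bytes
            return "conform"
        return "exceed"

    def shape(self, arrival_ms: int, size_bytes: int) -> int:
        """Shaper: never drop; return the time at which the packet may leave."""
        if size_bytes > self.bc_bytes:
            raise ValueError("a packet larger than Bc can never be sent at this rate")
        self._refill(max(arrival_ms, self.clock_ms))   # packets leave in order
        if self.tokens < size_bytes:
            needed = size_bytes - self.tokens
            wait_ms = (needed * 8000 + self.cir_bps - 1) // self.cir_bps  # ceil
            self._refill(self.clock_ms + wait_ms)
        self.tokens -= size_bytes
        return self.clock_ms


if __name__ == "__main__":
    # Constructed burst: ten 1000-byte packets arriving back to back at t=0.
    policer, shaper = TokenBucket(128000, 4000), TokenBucket(128000, 4000)
    for i in range(10):
        print(f"pkt {i}: policer={policer.police(0, 1000):7}  shaper departs at {shaper.shape(0, 1000)} ms")
```

With Bc = 4000 bytes only the first four packets of the burst fit in the bucket: the policer drops (or remarks) the other six, while the shaper spaces them out at roughly 62.5 ms intervals, the time it takes 1000 bytes to earn tokens at 128 kbps. That difference is why the notes put shaping on the outbound WAN side and policing on the scavenger class.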

 

  6. Configure QoS using MQC

 

 

 

MQC Demo

QoS configuration is a 3 steps process:

 

Step 1: Create Class-maps

#classify EMAIL TRAFFIC

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#class-map ?

WORD       class-map name

match-all  Logical-AND all matching statements under this classmap

match-any  Logical-OR all matching statements under this classmap

type       Configure CPL Class Map

 

R1(config)#class-map match-any EMAIL

R1(config-cmap)#match protocol pop3

R1(config-cmap)#match protocol imap

R1(config-cmap)#match protocol exchange

R1(config-cmap)#match protocol smtp

R1(config-cmap)#exit

 

R1(config)#class-map VOICE

R1(config-cmap)#match protocol rtp ?

audio             Match voice packets

in-app-hierarchy  Match protocol in transport hierarchy

payload-type      Match an explicit PT

potentially       Match protocol, and all potentiall traffic

video             Match video packets

<cr>

R1(config-cmap)#match protocol rtp audio

 

R1(config-cmap)#exit

 

#WEB TRAFFIC

R1(config)#class-map match-any WEB

R1(config-cmap)#match protocol http

R1(config-cmap)#match protocol secure-http

 

#SCAVENGER TRAFFIC

R1(config)#class-map SCAVENGER

R1(config-cmap)#match protocol bitt

R1(config-cmap)#match protocol bittorrent

R1(config-cmap)#exit

 

R1#show class-map

Class Map match-any class-default (id 0)

Match any

 

Class Map match-any EMAIL (id 1)

Match protocol pop3

Match protocol imap

Match protocol exchange

Match protocol smtp

 

Class Map match-any WEB (id 3)

Match protocol http

Match protocol secure-http

 

Class Map match-all VOICE (id 2)

Match protocol rtp audio

 

Class Map match-all SCAVENGER (id 4)

Match protocol bittorrent

 

 

Step 2: Create Policy-maps

R1(config)#policy-map QOS-LAB1

R1(config-pmap)#?

Policy-map configuration commands:

class        policy criteria

description  Policy-Map description

exit         Exit from policy-map configuration mode

no           Negate or set default values of a command

R1(config-pmap)#class EMAIL

R1(config-pmap-c)#?

Policy-map class configuration commands:

admit            Admit the request for

bandwidth        Bandwidth

compression      Activate Compression

drop             Drop all packets

exit             Exit from class action configuration mode

fair-queue       Enable Flow-based Fair Queuing in this Class

flow             Flow subcommands

log              Log IPv4 and ARP packets

measure          Measure

netflow-sampler  NetFlow action

no               Negate or set default values of a command

police           Police

priority         Strict Scheduling Priority for this Class

queue-limit      Queue Max Threshold for Tail Drop

random-detect    Enable Random Early Detection as drop policy

service-policy   Configure QoS Service Policy

set              Set QoS values

shape            Traffic Shaping

 

R1(config-pmap-c)#set dscp af13

R1(config-pmap-c)#bandwidth 512 <<<give this command first before giving ‘random-detect’ command

R1(config-pmap-c)#end

R1(config-pmap-c)#random-detect ?

atm-clp-based                   Enable atm-clp-based WRED as drop policy

clp                             parameters for each clp value

cos                             parameters for each cos value

cos-based                       Enable cos-class-based WRED as drop policy

discard-class                   parameters for each discard-class value

discard-class-based             Enable discard-class-based WRED as drop

policy

dscp                            parameters for each dscp value

dscp-based                      Enable dscp-based WRED as drop policy

ecn                             explicit congestion notification

exponential-weighting-constant  weight for mean queue depth calculation

precedence                      parameters for each precedence value

precedence-based                Enable precedence-based WRED as drop policy

<cr>

 

R1(config-pmap-c)#random-detect dscp-based <<<default is using cos, this command enables dscp based WRED

R1(config-pmap-c)#random-detect ecn <<<turns on ECN

R1(config-pmap-c)#exit

R1(config-pmap)#class VOICE

R1(config-pmap-c)#priority 256 <<<Enabled LLQ, go first

R1(config-pmap-c)#random-detect dscp-based <<<Since voice traffic is RTP encapsulated in UDP, TCP slow-start will not help us. So, no need to use ECN bits. No need to use WRED.

Must deconfigure priority in this class before issuing this command

R1(config-pmap-c)#exit

R1(config-pmap)#class WEB

R1(config-pmap-c)#bandwidth 768

R1(config-pmap-c)#exit

R1(config-pmap)#class SCAVENGER

R1(config-pmap-c)#police 128000 <<<Set the maximum bandwidth using Policing. This is in bps (bits) not Bps (Bytes).

R1(config-pmap-c-police)#exit

R1(config-pmap-c)#exit

R1(config-pmap)#exit

R1#show policy-map

Policy Map QOS-LAB1

Class EMAIL

set dscp af13

bandwidth 512 (kbps)

Class VOICE

priority 256 (kbps)

Class WEB

bandwidth 768 (kbps)

Class SCAVENGER

police cir 128000 bc 4000

conform-action transmit

exceed-action drop

 

#Marking only can be done on the inbound traffic.

#Shaping can only be applied to outbound traffic.

#Policing can be applied to either directions.
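The three steps of the MQC demo above, turned into a small checker as an added Python example (not code from the notes or from Cisco IOS). It parses class-map and policy-map text the way `show running-config` would list it and checks the rules the demo ran into: every class in a policy-map must exist as a class-map (or be class-default), `random-detect` needs a `bandwidth` statement in that class, and `random-detect` cannot be combined with `priority`; it also totals the kbps reserved by bandwidth/priority statements so the figure can be compared with the outgoing link. SAMPLE_CONFIG is constructed from the demo's commands.

```python
"""Added example (not from the notes or Cisco IOS): parse MQC configuration
text and lint it against the rules the demo above ran into.
"""

# Constructed from the demo's commands, written as show running-config lists them.
SAMPLE_CONFIG = """\
class-map match-any EMAIL
 match protocol pop3
 match protocol imap
 match protocol exchange
 match protocol smtp
class-map VOICE
 match protocol rtp audio
class-map match-any WEB
 match protocol http
 match protocol secure-http
class-map match-all SCAVENGER
 match protocol bittorrent
!
policy-map QOS-LAB1
 class EMAIL
  set dscp af13
  bandwidth 512
  random-detect dscp-based
  random-detect ecn
 class VOICE
  priority 256
 class WEB
  bandwidth 768
 class SCAVENGER
  police 128000
 class class-default
"""


def parse_mqc(config: str):
    """Return (class_maps, policy_maps) from running-config style text."""
    class_maps, policy_maps = {}, {}
    context = None  # ("cmap", name) or ("pmap", policy, class_or_None)
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if words[0] == "class-map":
            mode = words[1] if len(words) > 2 else "match-all"   # IOS default when omitted
            class_maps[words[-1]] = {"mode": mode, "matches": []}
            context = ("cmap", words[-1])
        elif words[0] == "policy-map":
            policy_maps[words[1]] = {}
            context = ("pmap", words[1], None)
        elif words[0] == "class" and context and context[0] == "pmap":
            policy_maps[context[1]][words[1]] = []
            context = ("pmap", context[1], words[1])
        elif context and context[0] == "cmap":
            class_maps[context[1]]["matches"].append(line)
        elif context and context[0] == "pmap" and context[2] is not None:
            policy_maps[context[1]][context[2]].append(line)
    return class_maps, policy_maps


def lint_policies(class_maps: dict, policy_maps: dict):
    """Return (findings, reserved_kbps_per_policy)."""
    findings, reserved = [], {}
    for pname, classes in policy_maps.items():
        total = 0
        for cname, actions in classes.items():
            where = f"{pname}/{cname}"
            verbs = {a.split()[0] for a in actions}
            if cname != "class-default" and cname not in class_maps:
                findings.append(("error", f"{where}: class-map not defined"))
            if "random-detect" in verbs and "priority" in verbs:
                findings.append(("error", f"{where}: random-detect cannot be used with priority (LLQ)"))
            elif "random-detect" in verbs and "bandwidth" not in verbs:
                findings.append(("warning", f"{where}: give bandwidth before random-detect"))
            for action in actions:
                w = action.split()
                # bandwidth/priority take kbps; police (not counted) takes bps
                if w[0] in ("bandwidth", "priority") and len(w) > 1 and w[1].isdigit():
                    total += int(w[1])
        reserved[pname] = total
    return findings, reserved


if __name__ == "__main__":
    findings, reserved = lint_policies(*parse_mqc(SAMPLE_CONFIG))
    print("reserved kbps:", reserved, "findings:", findings)
```

Run it against the demo's config and it is clean, with 1536 kbps reserved across EMAIL, VOICE and WEB; add `random-detect` under the VOICE class, as the demo tried, and the priority conflict is reported before the router has to refuse the command.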

 

R1#conf t

R1(config)#int gi0/0

R1(config-if)#service-policy output QOS-LAB1 <<<Apply configuration to outgoing traffic

R1(config-if)#end

 

R1#show policy-map interface gi0/0

GigabitEthernet0/0

 

Service-policy output: QOS-LAB1

 

queue stats for all priority classes:

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

 

Class-map: EMAIL (match-any)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol pop3

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol imap

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol exchange

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol smtp

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

QoS Set

dscp af13

Packets marked 0

bandwidth 512 kbps

 

Class-map: VOICE (match-all)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol rtp audio

Priority: 256 kbps, burst bytes 6400, b/w exceed drops: 0

 

 

Class-map: WEB (match-any)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol http

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol secure-http

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 768 kbps

 

Class-map: SCAVENGER (match-all)

0 packets, 0 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: protocol bittorrent

police:

cir 128000 bps, bc 4000 bytes

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 0000 bps, exceeded 0000 bps

 

Class-map: class-default (match-any)

3 packets, 180 bytes

5 minute offered rate 0000 bps, drop rate 0000 bps

Match: any

 

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 3/180

 


4. Install and configure NTP server in Red Hat/Centos 7.5 Linux

NTP (Network Time Protocol) is a protocol which runs over UDP port 123. NTP synchronises clients’ time and date with a master server. Within an enterprise networking environment, to provide a reliable time service, an NTP server should have a stratum of 5 or less.

Step 1: Install and configure NTP daemon

sudo yum install ntp

 

Step 2: Check and adjust time zone

  1. timedatectl
  2. timedatectl list-timezones <<<to list and find time zones
  3. timedatectl set-timezone Australia/Sydney

Step 3: Enable and start ntpd service

sudo systemctl enable ntpd

sudo systemctl start ntpd

 

Step 4: Check basic NTP functionality

ntpstat

date

ntpq -p

 

Step 5: Check NTP configuration under /etc/ntp.conf

more /etc/ntp.conf

Python: Installing netmiko (paramiko) on Windows 10 PC for automation

In order to write a script and automate your infrastructure devices via SSH/Telnet, Python uses paramiko. In Linux/macOS environments it is easy to install, or the module is already included as a package. For Windows, the module installation process is more cumbersome. I have come across a few articles on Google attempting to do this, but the examples given were as clear as mud. Here are the precise steps for the installation and also some troubleshooting URLs referenced for your convenience. 🙂

1. Install Python (https://www.python.org/downloads/)

2. Install Anaconda (https://store.continuum.io/cshop/anaconda/)

3. From the Anaconda Prompt (shell), run “conda install paramiko”.

4. From the Anaconda Prompt (shell), run “pip install scp”.

5. Install Git for Windows (https://www.git-scm.com/downloads)

6. From a Git Bash window, clone netmiko with “git clone https://github.com/ktbyers/netmiko”

7. From the Git Bash window, if you are unable to install netmiko after cloning it, define the path for Python:

bchoi@AUD-4D1KYF2 MINGW32 /h/netmiko (develop)

$ export PATH=$PATH:/C/Users/bchoi/AppData/Local/Programs/Python/Python36-32

8. cd into the netmiko directory and run “python setup.py install”.

bchoi@AUD-4D1KYF2 MINGW32 /h/netmiko (develop)

$ python setup.py install

End result: you can now use paramiko on your Windows PC!

paramiko OK

Tip1: To display Windows 10 Roaming folder

https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_files-insiderplat_pc/windows-10-roaming-folder/6c99ffdc-90d5-4d1d-8ab1-b4f448ecc8ee?auth=1

Unable to install Netmiko in windows after it cloned:

https://stackoverflow.com/questions/47726184/unable-to-install-netmiko-in-windows-after-it-cloned

 

Chasing Packets in GNS3 & Production Environment, Part 2: IOS Embedded Packet Capture & tee off to a TFTP server

aaa2

IOS Embedded Packet Capture Configuration in a nutshell:

r1#monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

r1#monitor capture point ip cef E0_0 e0/0 both

r1#monitor capture point associate E0_0 PAKCETBUFFER

r1#monitor capture point start E0_0

 

Generate some traffic: example showing ICMP traffic generation

aaa9

Generate some RTP traffic: example showing use of Cisco IP communicator in this lab

aaa11.png

 

r1#monitor capture point stop E0_0

r1#monitor capture buffer PAKCETBUFFER export tftp://172.168.10.10/mycapture.pcap

 

***You must specify the name of the file, otherwise the teeing off to TFTP server will not work!!!

 

aaa8

 

Example of ICMP traffic packet capture:

aaa10.png

 

Example of RTP traffic packet capture.

aaa7

 

 

=======================================================================

Actual configuration:

r1#monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

 

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 0

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Inactive

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

 

r1#mon cap point ip cef E0_0 e0/0 both

*Apr  5 07:30:22.526: %BUFCAP-6-CREATE: Capture Point E0_0 created.

 

r1#show mon cap point all

Status Information for Capture Point E0_0

IPv4 CEF

Switch Path: IPv4 CEF            , Capture Buffer: None

Status : Inactive

 

Configuration:

monitor capture point ip cef E0_0 Ethernet0/0.100 both

 

r1#mon cap point associate E0_0 PAKCETBUFFER

 

r1#show mon cap point all

Status Information for Capture Point E0_0

IPv4 CEF

Switch Path: IPv4 CEF            , Capture Buffer: PAKCETBUFFER

Status : Inactive

 

Configuration:

monitor capture point ip cef E0_0 Ethernet0/0.100 both

 

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 0

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Inactive

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

 

 

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 0

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Active

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 3

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Active

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 4

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Active

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 657

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Active

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

r1#mon cap point stop E0_0

r1#mon cap point stop E0_0

*Apr  5 07:34:11.582: %BUFCAP-6-DISABLE: Capture Point E0_0 disabled.

r1#show mon cap buffer PAKCETBUFFER parameters

Capture buffer PAKCETBUFFER (linear buffer)

Buffer Size : 2097152 bytes, Max Element Size : 128 bytes, Packets : 657

Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0

Associated Capture Points:

Name : E0_0, Status : Inactive

Configuration:

monitor capture buffer PAKCETBUFFER size 2048 max-size 128 linear

monitor capture point associate E0_0 PAKCETBUFFER

 

 

r1#show monitor capture buffer PAKCETBUFFER dump

07:33:16.228 UTC Apr 5 2016 : IPv4 LES CEF    : Et0/0.100 None

 

F4E2C230: AABBCC00 0100000C 2978156D 81000064  *;L…..)x.m…d

F4E2C240: 08004560 0034EE83 40007F06 1959C0A8  ..E`.4n.@….Y@(

F4E2C250: 640B8EC8 400B0570 07D079AA FEBF61F3  d..H@..p.Py*~?as

F4E2C260: 050A5018 FAC0BFD0 00000400 00001100  ..P.z@?P……..

F4E2C270: 00000000 000000                      …….

… Content omitted for brevity
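One frame from that dump, decoded, as an added Python example (not code from the post or from Cisco IOS). The hex columns below are the frame shown above (the ASCII column is simplified); the decoder reads the hex words after each address, then walks the Ethernet header, the 802.1Q tag, the IPv4 header and the TCP/UDP ports, pulling out the fields a QoS or incident review wants from a capture: VLAN, DSCP/ECN, addresses, ports, flags and payload length. It tolerates frames cut short by the buffer's `max-size 128` by stopping at whatever header is incomplete.

```python
"""Added example (not from the post or Cisco IOS): decode a frame from
`show monitor capture buffer ... dump` output.
"""
import re
import struct

# The page's own frame; the ASCII column has been simplified to plain dots.
DUMP = """\
07:33:16.228 UTC Apr 5 2016 : IPv4 LES CEF    : Et0/0.100 None

F4E2C230: AABBCC00 0100000C 2978156D 81000064  *;L.....)x.m...d
F4E2C240: 08004560 0034EE83 40007F06 1959C0A8  ..E`.4n.@....Y@(
F4E2C250: 640B8EC8 400B0570 07D079AA FEBF61F3  d..H@..p.Py*~?as
F4E2C260: 050A5018 FAC0BFD0 00000400 00001100  ..P.z@?P........
F4E2C270: 00000000 000000                      .......
"""

# An 8-digit hex address, a colon, then up to four hex words of 2-8 digits.
HEX_LINE = re.compile(r"^\s*[0-9A-Fa-f]{8}:((?:\s+[0-9A-Fa-f]{2,8}){1,4})")
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def hexdump_to_bytes(dump: str) -> bytes:
    """Collect the hex words of every dump line into one byte string."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if m:
            for word in m.group(1).split():
                if len(word) % 2 == 0:
                    out += bytes.fromhex(word)
    return bytes(out)


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(frame: bytes) -> dict:
    """Ethernet -> optional 802.1Q -> IPv4 -> TCP/UDP ports; stops where the capture is truncated."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]), "vlan": None, "cos": None}
    offset = 14
    if ethertype == 0x8100:                       # 802.1Q tag: PCP (CoS) + VLAN id
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["cos"], info["vlan"] = tci >> 13, tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return info                               # not IPv4, or IP header cut off by max-size
    ver_ihl, tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", frame[offset:offset + 12])
    ihl = (ver_ihl & 0x0F) * 4
    info.update(dscp=tos >> 2, ecn=tos & 0b11, ttl=ttl, protocol=proto,
                src_ip=ipv4(frame[offset + 12:offset + 16]), dst_ip=ipv4(frame[offset + 16:offset + 20]))
    l4 = offset + ihl
    if proto not in (6, 17) or len(frame) < l4 + 4:
        return info
    info["src_port"], info["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    if proto == 6 and len(frame) >= l4 + 20:
        data_offset = (frame[l4 + 12] >> 4) * 4
        info["tcp_flags"] = [name for bit, name in TCP_FLAGS if frame[l4 + 13] & bit]
        info["payload_len"] = offset + total_len - (l4 + data_offset)
    elif proto == 17 and len(frame) >= l4 + 8:
        info["payload_len"] = struct.unpack("!H", frame[l4 + 4:l4 + 6])[0] - 8
    return info


if __name__ == "__main__":
    for key, value in decode_frame(hexdump_to_bytes(DUMP)).items():
        print(f"{key:12} {value}")
```

Decoding the page's frame gives VLAN 100 (matching the `Et0/0.100` sub-interface in the dump header), DSCP 24 (CS3) with no ECN, a TCP segment from 192.168.100.11 to 142.200.64.11 on destination port 2000 with PSH/ACK set and 12 bytes of payload. Port 2000 is the port Cisco's Skinny Client Control Protocol uses, consistent with the IP Communicator phone in this lab.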

 

 

r1#monitor capture buffer PAKCETBUFFER export ?

disk0:  Location to dump buffer

disk1:  Location to dump buffer

ftp:    Location to dump buffer

http:   Location to dump buffer

https:  Location to dump buffer

pram:   Location to dump buffer

rcp:    Location to dump buffer

scp:    Location to dump buffer

snmp:   Location to dump buffer

tftp:   Location to dump buffer

unix:   Location to dump buffer

 

r1#monitor capture buffer PAKCETBUFFER export tftp://172.168.10.10/mycapture.pcap

!

***You must specify the name of the file, otherwise the teeing off to TFTP server will not work!!!

 

Chasing Packets in GNS3 & Production Environment, Part 1: Capturing packets using built-in Live Wireshark Capture in GNS3 1.4.4

Why do you want to do this lab?

You can capture any interesting packets and analyse them for your own learning; analysing packet captures gives you real insight into how packets work on the devices and on different segments of the network. Simply reading the books and learning how packets work behind the scenes is a little like trying to learn as one of the three wise monkeys (see no evil, hear no evil, speak no evil).

On a real production network, you can use other methods to capture interesting packets. Some examples are IOS Embedded Packet Capture with the capture teed off to a TFTP server, a sniffer on a SPAN port or a remote SPAN port, or the more advanced method of a Cisco NAM (Network Analyzer).

In this part, I will quickly show you how to whip up a simple lab and capture some packets in GNS3 using the live Wireshark capture built into GNS3. In the next part, I will demonstrate IOS Embedded Packet Capture and teeing off to a TFTP server. Lastly, I will demonstrate packet capture using a SPAN port and remote SPAN.

Prerequisite 1: GNS3 1.4.4 pre-installed on Windows PC/laptop

Prerequisite 2: IOU VM ova deployed and integrated with GNS3

Prerequisite 3: Familiar with VMware workstation and Windows loopback configuration

 

Topology:

aaa1

Step 1: Add devices as below and make all connections. When you add the devices, your GNS3 topology will look like this. Remember to use dummy switches to make connection between your virtual machines and your host PC loopback to your IOU switches.

aaa2.png

Step 2: Configure your routers and switches similar to the configuration found in  the attached zip file.

r1

r2

sw1

sw2

 

Step 3: Capture packets using various link positions

aaa3

aaa4

If you run into the following error, you will have to go to GNS3 setting and update the path of Wireshark.

aaa5

=> Error: SW3: Could not start the packet capture reader: [WinError 2] The system cannot find the file specified: None

Changing the path in GNS3 preferences:

C:\Program Files\Wireshark\wireshark.exe ==> C:\Program Files (x86)\Wireshark\wireshark.exe

 

Step 4: Wireshark will open automatically and start capturing all the traffic on the link you have selected.

e.g.) TCP/IP packet capture example

aaa6.png

e.g.) Voice packet capture using soft phones (On virtual machines) between two work stations and CUCM.

aaa7

Now you can set up any server and clients and study how TCP/IP, UDP work behind the scenes. Jump straight in and try to enjoy your study!

 

Note: This lab can be completed on a single PC, Save Electricity, save Money, save Time, SAVE THE PLANET.

 

 

 

Notes on Cisco QoS: Clearing the fog – Part 4. Modular QoS Lab

Lab topology:

Module QoS 2

How this lab can be configured in GNS3 on a single PC:

  • SW1 and SW2 are local GNS3 switches, merely serving as connectors between PC1 and the HTTP server respectively. These dummy switches must be used when connecting virtual machines to GNS3 devices.

Module QoS 1

Step 1: Configure R1 and R2 to allow communication between the networks.

R1 base configuration:

hostname R1

interface FastEthernet0/0
ip address 192.168.30.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
clock rate 2000000
!
router eigrp 1
network 1.0.0.0
network 192.168.30.0
auto-summary

==============================================

R2 base configuration:

hostname R2

interface FastEthernet0/0
ip address 192.168.40.254 255.255.255.0
duplex auto
speed auto

router eigrp 1
network 1.0.0.0
network 192.168.40.0
auto-summary

==============================================

Step 2: Configure R1 with Access List, class-map and policy-map

access-list 200 permit icmp host 192.168.30.30 host 192.168.40.40 echo
access-list 200 permit icmp host 192.168.30.30 host 192.168.40.40 echo-reply
access-list 100 permit tcp any any eq www

class-map match-all WEB_TRAFFIC
match access-group 100
class-map match-all ICMP_TRAFFIC
match access-group 200

policy-map MODULAR
class ICMP_TRAFFIC
bandwidth 256
class WEB_TRAFFIC
bandwidth 128
class class-default

Step 3: Apply policy map to output queue of Serial 0/0

!Apply Service-policy to output interface s0/0

interface Serial0/0
ip address 1.1.1.1 255.255.255.0
clock rate 2000000
 service-policy output MODULAR

==============================================

Step 4: Run quick check on the configuration

R1#show class-map
Class Map match-all WEB_TRAFFIC (id 1)
Match access-group  100

Class Map match-any class-default (id 0)
Match any

Class Map match-all ICMP_TRAFFIC (id 2)
Match access-group  200

R1#show policy-map
Policy Map CCIE
Class ICMP_TR
Bandwidth 128 (kbps) Max Threshold 64 (packets)
Class WEB_TR
Bandwidth 64 (kbps) Max Threshold 64 (packets)
Class class-default

==============================================

Before any ping or http traffic is sent across the WAN link

R1#show policy-map interface s0/0
Serial0/0

Service-policy output: MODULAR

Class-map: ICMP_TRAFFIC (match-all)
    0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 112
Queueing
Output Queue: Conversation 265
Bandwidth 128 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: WEB_TRAFFIC (match-all)
      0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 120
Queueing
Output Queue: Conversation 266
Bandwidth 64 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
697 packets, 46091 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

==============================================

Step 5: Generate ICMP traffic by pinging the server from the client PC

To generate ICMP traffic, from the client PC (192.168.30.30) ping http server at 192.168.40.40.
ICMP pinging

Output of ‘show policy-map interface s0/0’ after 8 ping messages have been sent from 192.168.30.30 (client) to 192.168.40.40 (server):

R1#show policy-map interface s0/0
Serial0/0

Service-policy output: MODULAR

Class-map: ICMP_TRAFFIC (match-all)
8 packets, 512 bytes <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 112
Queueing
Output Queue: Conversation 265
Bandwidth 128 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: WEB_TRAFFIC (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 120
Queueing
Output Queue: Conversation 266
Bandwidth 64 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
766 packets, 50456 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

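As an added example (not part of the original notes), the following Python parses two snapshots of the ‘show policy-map interface’ output above and diffs the per-class counters, so the effect of the 8 pings can be checked mechanically rather than by eye. The captures embedded in the code are trimmed copies of the two outputs above; the bandwidth check assumes classic CBWFQ with the IOS default max-reserved-bandwidth of 75 percent, and the interface rate passed to it is a constructed value.

```python
"""Parse 'show policy-map interface' captures and diff the per-class counters.

Added example, not part of the original notes. The two captures below are
trimmed copies of the lab output (before the pings, and after 8 pings); the
75 % figure is the IOS default for max-reserved-bandwidth.
"""
import re
from typing import Dict, Optional

# Trimmed copy of the capture taken before any ping or HTTP traffic
BEFORE = """\
Service-policy output: MODULAR

Class-map: ICMP_TRAFFIC (match-all)
    0 packets, 0 bytes
Match: access-group 112
Bandwidth 128 (kbps)Max Threshold 64 (packets)
(depth/total drops/no-buffer drops) 0/0/0

Class-map: WEB_TRAFFIC (match-all)
    0 packets, 0 bytes
Match: access-group 120
Bandwidth 64 (kbps)Max Threshold 64 (packets)
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
697 packets, 46091 bytes
Match: any
"""

# Trimmed copy of the capture taken after 8 pings from the client
AFTER = """\
Service-policy output: MODULAR

Class-map: ICMP_TRAFFIC (match-all)
8 packets, 512 bytes
Match: access-group 112
Bandwidth 128 (kbps)Max Threshold 64 (packets)
(depth/total drops/no-buffer drops) 0/0/0

Class-map: WEB_TRAFFIC (match-all)
0 packets, 0 bytes
Match: access-group 120
Bandwidth 64 (kbps)Max Threshold 64 (packets)
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
766 packets, 50456 bytes
Match: any
"""

CLASS_RE = re.compile(r"Class-map:\s+(\S+)\s+\((match-\w+)\)")
COUNTERS_RE = re.compile(r"(\d+) packets, (\d+) bytes")
BANDWIDTH_RE = re.compile(r"Bandwidth (\d+) \(kbps\)")
DROPS_RE = re.compile(r"\(depth/total drops/no-buffer drops\) (\d+)/(\d+)/(\d+)")


def parse_policy_map(text: str) -> Dict[str, dict]:
    """Return {class_name: {"match", "packets", "bytes", "bandwidth_kbps", "drops"}}."""
    classes: Dict[str, dict] = {}
    current: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CLASS_RE.match(line)
        if m:
            # a new class block starts; counters default to 0 until seen
            current = {"match": m.group(2), "packets": 0, "bytes": 0,
                       "bandwidth_kbps": None, "drops": 0}
            classes[m.group(1)] = current
            continue
        if current is None:
            continue  # header lines before the first class
        m = COUNTERS_RE.match(line)
        if m:
            current["packets"], current["bytes"] = int(m.group(1)), int(m.group(2))
            continue
        m = BANDWIDTH_RE.match(line)
        if m:
            current["bandwidth_kbps"] = int(m.group(1))
            continue
        m = DROPS_RE.match(line)
        if m:
            current["drops"] = int(m.group(2))  # the 'total drops' field
    return classes


def diff_counters(before: Dict[str, dict], after: Dict[str, dict]) -> Dict[str, tuple]:
    """Per-class (packets, bytes, drops) deltas between two snapshots."""
    return {
        name: (after[name]["packets"] - before[name]["packets"],
               after[name]["bytes"] - before[name]["bytes"],
               after[name]["drops"] - before[name]["drops"])
        for name in after if name in before
    }


def reservations_within_limit(classes: Dict[str, dict], interface_kbps: int,
                              reserved_pct: int = 75) -> bool:
    """CBWFQ 'bandwidth' values are minimum guarantees under congestion. Classic IOS
    refuses to attach a policy whose guarantees add up to more than
    max-reserved-bandwidth, 75 % of the interface bandwidth by default."""
    total = sum(c["bandwidth_kbps"] or 0 for c in classes.values())
    return total <= interface_kbps * reserved_pct / 100


if __name__ == "__main__":
    before, after = parse_policy_map(BEFORE), parse_policy_map(AFTER)
    for name, (pkts, nbytes, drops) in diff_counters(before, after).items():
        print(f"{name:14s} +{pkts} packets, +{nbytes} bytes, +{drops} drops")
    # 256 kbps is a constructed interface rate for the check, not from the lab
    print("reservations fit in 75% of 256 kbps:", reservations_within_limit(after, 256))
```

The ‘packets’ counter counts what was classified into the class, not what was dropped; the drop counter only moves once the link is actually congested, so matched-but-not-dropped is the healthy reading. Comparing two snapshots after generating known traffic is the quickest way to prove the class maps match what you think they match.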
==============================================

Step 6: Access the web page of the HTTP server from the client PC

To generate some HTTP traffic, browse to http://192.168.40.40/ (the HTTP server) from the client PC.
Access IIS

==============================================

Output of ‘show policy-map interface s0/0’ after generating HTTP traffic:

R1#show policy-map interface s0/0
Serial0/0

Service-policy output: MODULAR

Class-map: ICMP_TRAFFIC (match-all)
    12 packets, 768 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 112
Queueing
Output Queue: Conversation 265
Bandwidth 128 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: WEB_TRAFFIC (match-all)
13 packets, 2539 bytes <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 120
Queueing
Output Queue: Conversation 266
Bandwidth 64 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
878 packets, 57842 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

==============================================

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       1.1.1.0/24 is directly connected, Serial0/0
D       1.0.0.0/8 is a summary, 00:59:46, Null0
C    192.168.30.0/24 is directly connected, FastEthernet0/0
D    192.168.40.0/24 [90/2195456] via 1.1.1.2, 00:59:41, Serial0/0

 

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       1.1.1.0/24 is directly connected, Serial0/0
D       1.0.0.0/8 is a summary, 00:04:16, Null0
D    192.168.30.0/24 [90/2195456] via 1.1.1.1, 00:04:11, Serial0/0
C    192.168.40.0/24 is directly connected, FastEthernet0/0

 

All this lab was done on a laptop, go easy on the environment. 🙂

On a single PC

Notes on Cisco QoS: Clearing the fog – Part 2. Quality issues

Quality of Service

QoS = a method of giving priority to specific traffic as it moves over the network.

The basic aim of QoS is consistent and predictable performance on your network.

 

1 qos intro

General characteristics of today’s converged network:

  • Small voice packets compete with bursty data packets; many different applications use the network as a service
  • Critical traffic must get priority over less critical traffic; without QoS, the default behavior is First In First Out (FIFO)
  • Voice and video traffic is time-sensitive
  • Outages are not acceptable

 

Converged Network Quality issues:

  • Lack of Bandwidth
  • Packet Loss
  • Delay
  • Jitter

 

Bandwidth

2 Bandwidth Measure.png

  • The maximum available bandwidth on a path is that of its slowest link
  • On the same physical link (traffic path), multiple flows and applications compete for the same bandwidth
  • Lack of bandwidth causes performance degradation of network applications

Packet Loss

3 Tail Drop due to Queue Congestion

Packet loss due to tail drop: a queue can only hold so many packets. Once it is full, any packet that arrives at the tail of the queue before it has drained (because of link congestion, for example) is dropped; this behavior is called ‘tail drop’. If tail drop hits time-sensitive traffic such as voice and video, users on that flow feel the effect immediately. If it hits data traffic, it may interrupt a file transfer or corrupt the file.

Delay

4 Types of Delay

  • Processing Delay – time taken by a router to process a packet from an input interface and place it in the output queue of the output interface
  • Queuing Delay – time a packet waits in the output queue of a router
  • Serialization Delay – time taken to place the bits of a packet on the wire
  • Propagation Delay – time taken for the bits to cross the link from one end to the other

Jitter

5 Jitter

  • Packets from the same source reach the destination with varying delay
  • Congestion on the network causes jitter
  • Congestion can occur at a router interface or inside the service provider network if circuits are not properly provisioned
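To put numbers on the four issues above (bandwidth, loss, delay, jitter), here is an added example that is not from the original notes or from Cisco: a toy FIFO output queue feeding a 64 kbps link. A 200-byte voice stream arriving every 20 ms is run alone and then behind a burst of 70 full-size data packets; the queue limit of 64 packets mirrors the ‘Max Threshold 64 (packets)’ in the lab output. All rates, sizes and arrival times are constructed.

```python
"""Toy FIFO output queue on a slow WAN link.

Added example, not from the original notes: a constructed simulation of the
four quality problems (bandwidth, tail drop, delay, jitter). Link rate,
packet sizes and arrival times are constructed; the 64-packet queue limit
mirrors 'Max Threshold 64 (packets)' in the lab output.
"""
from dataclasses import dataclass, field
from statistics import mean
from typing import List, Tuple

Packet = Tuple[float, int]  # (arrival time in ms, size in bytes)


@dataclass
class Result:
    delivered: int
    tail_dropped: int
    delays_ms: List[float] = field(default_factory=list)  # queuing + serialization per packet
    jitter_ms: float = 0.0  # mean |delay(n) - delay(n-1)| over delivered packets


def serialization_delay_ms(size_bytes: int, link_bps: int) -> float:
    """Time to clock one packet onto the wire: bits / link rate."""
    return size_bytes * 8 * 1000.0 / link_bps


def simulate_fifo(packets: List[Packet], link_bps: int, queue_limit: int) -> Result:
    """Push packets through one FIFO queue feeding a link of link_bps.

    Packets are served in arrival order. A packet arriving while queue_limit
    packets are still waiting (or on the wire) is tail dropped.
    """
    queued_until: List[float] = []  # departure times of packets not yet fully sent
    link_free_at = 0.0
    delivered = dropped = 0
    delays: List[float] = []
    for arrival, size in sorted(packets, key=lambda p: p[0]):
        # anything fully transmitted by now has left the queue
        queued_until = [d for d in queued_until if d > arrival]
        if len(queued_until) >= queue_limit:
            dropped += 1  # tail drop: no room at the back of the queue
            continue
        start = max(arrival, link_free_at)  # wait for the link to become free
        link_free_at = start + serialization_delay_ms(size, link_bps)
        queued_until.append(link_free_at)
        delays.append(link_free_at - arrival)
        delivered += 1
    jitter = mean(abs(b - a) for a, b in zip(delays, delays[1:])) if len(delays) > 1 else 0.0
    return Result(delivered, dropped, delays, jitter)


LINK_BPS = 64_000   # constructed: a 64 kbps serial link
QUEUE_LIMIT = 64    # matches 'Max Threshold 64 (packets)' in the lab output
VOICE: List[Packet] = [(20.0 * k, 200) for k in range(50)]  # constructed: 200 B every 20 ms
BURST: List[Packet] = [(0.0, 1500)] * 70                      # constructed: 70 x 1500 B at t=0


def voice_alone() -> Result:
    """Voice stream with the link to itself: each 200 B packet takes 25 ms to
    serialize but arrives every 20 ms, so queuing delay grows 5 ms per packet."""
    return simulate_fifo(VOICE, LINK_BPS, QUEUE_LIMIT)


def voice_behind_burst() -> Result:
    """Same voice stream arriving behind a data burst that fills the FIFO: the
    burst's tail is dropped, and most voice packets are dropped or delayed by
    seconds, which is why voice needs its own queue rather than FIFO."""
    return simulate_fifo(BURST + VOICE, LINK_BPS, QUEUE_LIMIT)  # burst listed first, so ahead at t=0


if __name__ == "__main__":
    for label, r in (("voice alone", voice_alone()), ("voice behind burst", voice_behind_burst())):
        print(f"{label}: delivered={r.delivered} tail_dropped={r.tail_dropped} "
              f"max_delay={max(r.delays_ms):.1f} ms jitter={r.jitter_ms:.1f} ms")
```

Run alone, the voice stream loses nothing but its delay climbs steadily because the 64 kbps link is slightly too slow for it (serialization delay alone is 25 ms per packet). Behind the burst, the FIFO is full of 1500-byte packets, so the voice packets are tail dropped while they wait and the few that get through sit behind roughly 12 seconds of data; the jitter figure jumps accordingly. That is the case the class-based queuing in the lab above is meant to prevent.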